Refactor base HA image #355
Conversation
Tricky with that is that we want debug symbols included in the libraries - that is the reason we compile them ourselves currently. The second thing we wanted to ensure is that the downgrade scripts are included ( The third thing we wanted to insure is the |
Sounds good. It's an easy tweak to build always. Looking at the debian packages, there are only a few with corresponding |
I can't say I ever really made tests for shell scripts? Between running the If people want tests, or if there is any more complexity at all, I'd switch languages. |
|
The current procedure for adding a new version of an extension includes modifying Streamlining that would be a win. I'll think a bit on it more. |
graveland
force-pushed
the
brent/base
branch
4 times, most recently
from
79c0ff6 to
b625d21
Compare
The latest push includes |
| publish-combined-builder-manifest: # publish a combined builder image manifest | ||
| @echo "Creating manifest $(DOCKER_BUILDER_URL) that includes $(DOCKER_BUILDER_URL)-amd64" | ||
| amddigest_image="$$(./fetch_tag_digest $(DOCKER_BUILDER_URL)-amd64)" | ||
| echo "AMD: $$amddigest_image" |
There was a problem hiding this comment.
Arm info is missing. is this the case to add it?
There was a problem hiding this comment.
It is. Arm was working 100%, but we need to sort out a secure arm64 builder infrastructure. I've got a PoC for that, but I need to sort out the webhooks for it from GH before re-introducing arm64.
graveland
force-pushed
the
brent/base
branch
5 times, most recently
from
6e807b4 to
21eeb16
Compare
|
Tricky to review, but we can try it on dev. A declarative way to describe build options and extensions/versions is a huge win. I'd add a step to list build docker images, which helps find the tag to put into the deployer config. |
| - "*.md" | ||
|
|
||
| schedule: | ||
| - cron: '0 7 * * 2' |
There was a problem hiding this comment.
For confirmation: we'll be publishing an image every Tuesday at 07:00 UTC, that's what we want?
There was a problem hiding this comment.
The time picked was arbitrary, and it stepped on me during testing a couple times so I bounced it around :)
The idea is to automatically pick up updated .debs to automatically include security fixes. I'd like it scheduled, but I don't care at all about when.
README.md
Outdated
| @@ -10,6 +10,8 @@ This directory contains everything that allows us to create a Docker image with | |||
|
|
|||
| Currently, our base image is Ubuntu, as we require glibc 2.33+. | |||
|
|
|||
| It's currently pushing the resuting images to: https://hub.docker.com/r/timescaledev/timescaledb-ha | |||
There was a problem hiding this comment.
| It's currently pushing the resuting images to: https://hub.docker.com/r/timescaledev/timescaledb-ha | |
| It's currently pushing the resulting images to: https://hub.docker.com/r/timescale/timescaledb-ha |
There was a problem hiding this comment.
I think we push to /timescale/ since commit 0c54000
There was a problem hiding this comment.
yup, is pushing to timescaledev just so that it can run concurrently with the master branch, and would be a thing that changes just before merging.
We wouldn't be using the results of this in the deployer, and the full image URLs/tags are in the action step summary for easy access :) |
graveland
force-pushed
the
brent/base
branch
from
e5be48b to
b5c9ba9
Compare
graveland
force-pushed
the
brent/base
branch
from
5cd284f to
c694a45
Compare
graveland
force-pushed
the
brent/base
branch
from
5a612e3 to
e2339ec
Compare
|
Looking forward to this as i'm interested in the ARM image for local development so I can achieve env parity. Thank you for the work you're putting in! |
`build_scripts/versions.yaml` contains packages, versions, min-max pg versions, and cargo-pgx version information for timescaledb and rust extensions. It's the one place to add configuration for extensions to decide if they'll be included in what pg versions. The next step will be to remove the `Makefile` environment variables containing all the requested versions. If the version environment variable is empty, we'll iterate through all the available versions in `versions.yaml`. If the environment variables are passed, we'll keep the current behaviour of using that to pick versions to build.
No need to update the Makefile, Dockerfile, or workflow files for most standard extension version changes. Timescaledb, toolkit, and promscale versions are all taken from versions.yaml unless overridden by the environment variables. This also adds `all` and `latest` as version specifications as well when they're the only item in the `*_VERSIONS` environment variables. These expand to all available, or the latest available versions from `versions.yaml`.
We have to expand the versions requested at build-time so it makes sense afterwards when checking the image
Getting prepared to merge
Docker hub: timescaledev -> timescale
|
From Main README are the image tagging prefixes still valid? How about this '-all'? |
|
Now that the builds are scheduled, there's a slight change. Taking If you want to suggest any changes to how the tags are pushed, let us know! |
|
@graveland I think the introduction of Not thinking you should do anything about it, just wanted to mention it if others see this in their Kubernetes: A work-around for users could maybe be to point out the image digest instead of tag, or just pulling the image manually to the dockerd. If you are curious to see the difference in image types, check the output of these: You will see an array with one element for the first command and you will see the element directly on the root for the second image. |
This is a large refactor that strips out all the things that aren't required for this image.
It also adds extra checks in the
cicdscripts to make sure the requested extensions andpackages are actually present in the image. It does this by looking in the new
/.image_configfile that contains the build parameters so we can do some introspection of the image.
The build scripts have been overhauled as well, including some matching for cargo-pgx
vs extension versions to optimize rust builds. Another major change is that requested
extensions first try to install
.debpackages, and fall back to building them. Thetimescaledb extension is always built though, as we want different build options than
what's currently in the debian packages.
Extension version and pg compatibility is described in
build_scripts/versions.yamland that file should be the only thing that needs updating to add new versions of
extensions as they are released.
This also adds most of the required support for arm64 builds as well, but we need to
fix public arm64 build runners before fully building multiplatform images. We do currently
build images with
-amd64tags, and create a manifest for the base tags, but only addthe one architecture to it for now.
There's also new github step summary information available after the build completes
that helps to easily see what's included in the image.
This currently pushes to
timescaledev/timescaledb-hainstead of the maintimescale/timescaledb-hadocker hub repository. Changing that will be the lastthing to happen prior to merging this PR. This also won't be merged until other
downstream changes have been sorted out. Until then, we can build and test from
the
timescaledev/timescaledb-haimages that this will build.In order to speed things up, this branch's publish-images github action only builds pg15,
so adding 12-14 to the matrix would happen before merging as well.